Outlook Web Access corrupts HTML attachments

Microsoft claims the filtering protects users by removing malicious elements, but the deletions can ruin a collaborative project and the “feature” isn’t present in any other Microsoft mail products.

Microsoft Exchange stealth-edits your e-mail If you use Microsoft’s Outlook Web Access (OWA) to send someone an HTML file, don’t expect them to see any of the file’s comments or scripts. The file you receive may look completely normal, but Microsoft has edited the comments from the file along with other material the company considers dangerous.

It gets worse. According to Microsoft Knowledge Base article 899394, OWA may corrupt the structure of the message, remove some advanced functions, and eliminate other harmless content in the message itself or any attachments.

“Even if an e-mail message appears to be unmodified in Outlook 2003, that same e-mail message may be missing content when you view the message in Outlook Web Access,” the article states bluntly.

You needn’t even view the attachments to have them modified by the service. Merely right-clicking an attachment and saving it to your computer causes the file’s code to be stripped. Microsoft calls this feature of OWA “Safe HTML” filtering.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of iNET Interactive. All other marks are the trademarks or service marks of their respective owners.